
Fatdcuk

Honorary Members
  • Posts: 20,705
  • Joined

Posts posted by Fatdcuk

  1. Out pops the culprit :)

    Please rerun Rootrepeal file scan only.

    Highlight the following line, then right-click on it and select *wipe file*, then immediately reboot.

    Path: C:\WINDOWS\system32\drivers\doitjnthfqy.sys

    Status: Invisible to the Windows API!

    Please update and run MBAM quick scan and allow it to delete what it finds then reboot once again.

    Rerun MBAM to confirm, but the file should no longer be detected, as the rootkit has been killed.

    HJT is showing clear of infections, but I would like one more log just to check all is well.

    STEP 01

    Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:

    Please ensure you read this guide carefully and install the Recovery Console first.

    NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
    Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

    Additional links to download the tool:

    http://www.forospyware.com/sUBs/ComboFix.exe

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    • When the tool is finished, it will produce a report for you.

    • Please copy and paste the contents of C:\ComboFix.txt in your next reply.

    Thanks in advance :)
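The check behind the two RootRepeal lines quoted in this post, written out as an added example that is not part of the thread, of RootRepeal or of MBAM: a name that a raw parse of the NTFS structures finds but the Windows directory-listing API does not return is the hidden file, and the kernel-driver service whose ImagePath points at it is what loads it at every boot. Both directory views and the registry service entries below are constructed sample data (only the driver name comes from the post); the ImagePath spellings handled by normalize_image_path are the ones commonly seen in HKLM\SYSTEM\CurrentControlSet\Services, and Type 1 is SERVICE_KERNEL_DRIVER.

```python
import ntpath

# Constructed sample data, not real scan output. "API view" is what
# FindFirstFile/os.listdir returns; "raw view" is what a tool that parses
# the NTFS structures directly (as RootRepeal's file scan does) recovers.
DRIVERS_DIR = r"C:\WINDOWS\system32\drivers"
API_VIEW = {"ntfs.sys", "tcpip.sys", "afd.sys", "null.sys"}
RAW_VIEW = API_VIEW | {"doitjnthfqy.sys"}

# Constructed registry entries, as (service name, Type, ImagePath) from
# HKLM\SYSTEM\CurrentControlSet\Services\<name>. Type 1 = SERVICE_KERNEL_DRIVER.
SERVICES = [
    ("Tcpip", 1, r"system32\DRIVERS\tcpip.sys"),
    ("Null", 1, "\\SystemRoot\\system32\\drivers\\null.sys"),
    ("doitjnthfqy", 1, "\\??\\C:\\WINDOWS\\system32\\drivers\\doitjnthfqy.sys"),
    ("Spooler", 16, r"C:\WINDOWS\system32\spoolsv.exe"),  # Win32 service, not a driver
]


def normalize_image_path(image_path, windows_dir=r"C:\WINDOWS"):
    r"""Map the ImagePath spellings found in the registry onto one lower-case
    Win32 path: relative to the Windows directory, \SystemRoot\..., \??\C:\...
    and plain C:\... all become c:\windows\... (assumed set of spellings)."""
    p = image_path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    elif p.lower().startswith("\\systemroot\\"):
        p = ntpath.join(windows_dir, p[len("\\systemroot\\"):])
    elif not ntpath.splitdrive(p)[0]:
        p = ntpath.join(windows_dir, p.lstrip("\\"))
    return ntpath.normpath(p).lower()


def hidden_files(api_view, raw_view):
    """Names present on disk but absent from the API listing: the cross-view diff."""
    return sorted(set(raw_view) - set(api_view))


def report(api_view, raw_view, services, drivers_dir=DRIVERS_DIR):
    """RootRepeal-style report lines plus the kernel-driver services that would
    load one of the hidden files at the next boot."""
    hidden = hidden_files(api_view, raw_view)
    hidden_paths = {ntpath.join(drivers_dir, n).lower() for n in hidden}
    lines = []
    for name in hidden:
        lines.append(f"Path: {ntpath.join(drivers_dir, name)}")
        lines.append("Status: Invisible to the Windows API!")
    culprits = [
        (svc, normalize_image_path(image))
        for svc, svc_type, image in services
        if svc_type == 1 and normalize_image_path(image) in hidden_paths
    ]
    return lines, culprits


if __name__ == "__main__":
    lines, culprits = report(API_VIEW, RAW_VIEW, SERVICES)
    print("\n".join(lines))
    for svc, path in culprits:
        print(f"service {svc!r} loads hidden driver {path}: wipe it, then reboot")
```

Two caveats a practitioner should keep in mind. A rootkit that hooks the file-system API usually hides its service key from the registry API as well, so the service cross-reference may come back empty and the file-level diff is the part that still works. And because the hooked API will not delete the file, the wipe has to go to disk directly (which is what RootRepeal's wipe does), followed by an immediate reboot so the driver is not loaded again before MBAM runs.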

  2. Hi ya, the pay-for version of MBAM is the realtime protection component. We don't operate at the same level as AV software, so no conflicts there, and I know quite a few folks that use the AntiVir and MBAM combo :)

    As promised here's my closing spiel for all help sessions once finished :)

    Here's some handy reading: the Prevention page, with lots of info and tips on how to prevent this in the future.

    And if you want to improve speed/system performance after malware removal, take a look here.

    Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

    We hope our application has helped you eradicate this malicious malware.

    If your current anti-virus solution let this infection through, please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection against these types of malware.

    Safe surfing :)

  3. Hi True North and welcome to the MBAM forums,

    Excuse the delay in attention, but we have a massive workload (over 4 days' backlog at the mo) and can only deal with topics when we get to them, on a first come, first served basis.

    If someone bumps their own post it is easy for it to be overlooked, as at a casual glance at the HJT forums it looks like your session is already being attended to, judging by the number of replies to your topic.

    Your Rootrepeal log is only for the Drivers scan and I will need a more complete report to identify the underlying rootkit that is present.

    Download the most recent Rootrepeal>>>

    http://rootrepeal.googlepages.com/

    Extract the file and run rootrepeal.exe

    Click on the report tab on the bottom right of the software, then press scan.

    Put a check (tick) in all boxes except the 2 SSDT options, then press OK.

    Place a check (tick) in the drive to be scanned (usually you will only have to select C).

    Please save the logfile generated and copy and paste the contents of that log into your next reply.

    Thanks in advance :)

  4. Hi and welcome to the MBAM forums :)

    First, please do not attach .txt files, as it compresses the data and makes it harder to look at. Copying and pasting the contents of the log files (.txt) into a reply is the preferred way of seeing the output data.

    Next up you have done a drivers report only with Rootrepeal.

    I will need to see the *file* report, which is the next button along from Drivers, or alternatively read the bottom of my walkthrough fix again and it explains how to generate the *file* report that is required.

    Thanks in advance :)

  5. Hi and welcome back :)

    Combofix has finished up the clean as anticipated.

    At the moment you're showing as running 2 antiviruses in realtime. This is not a recommended practice: since both perform similar roles, there is a high probability they will conflict with each other, and instead of giving extra protection they could in fact null each other out at worst, or have a negative impact on PC performance at best. So it is best to decide to keep 1 resident and uninstall the second, or else configure 1 to only run as an on-demand scan (backup scan) and not load in realtime.

    ComboFix log is showing clear, so any more issues to report on the PC?

  6. Great, well there are 2 more logs I would like to review before we can sound the all clear :)

    STEP 01

    Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:

    Please ensure you read this guide carefully and install the Recovery Console first.

    NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
    Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

    Additional links to download the tool:

    http://www.forospyware.com/sUBs/ComboFix.exe

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    • When the tool is finished, it will produce a report for you.

    • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

  7. Ok then, I just need to see two more logs before we can sound the all clear.

    STEP 01

    Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:

    Please ensure you read this guide carefully and install the Recovery Console first.

    NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
    Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

    Additional links to download the tool:

    http://www.forospyware.com/sUBs/ComboFix.exe

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    • When the tool is finished, it will produce a report for you.

    • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

  8. Hi yeah,

    Yes, that CF is good to use; run that routine first.

    HiJackThis

    • Please download this program, Trend Micro HijackThis, to your desktop.

    • Double-click on it to run and install it.

    • Then launch the program and click on Do a system scan and save a logfile. This log file will open in Notepad.

    • Do not do anything with HJT at this point except copy and paste the contents of the log generated into a reply.

    I will give you heaps of support info after we have finished cleaning your PC, but first of all let's make sure it's clean, then I can point you in the direction of how to secure and avoid malware etc.

  9. Hi ya,

    Works like a charm when the tech works; the trouble with these very advanced malwares is they know they can't hide from our tech, so they have to resort to dirty tricks to take us out of the equation.

    Victim of our own success, unfortunately. Ok, I would like to see a couple more logs before I sound the all clear.

    Can you please run ComboFix from regular mode as directed earlier. Now the rootkit is nuked it should be working again :)

    Also, can you post a HijackThis log.

    Thanks in advance :)

  10. Great, here comes the bomb :)

    Run Rootrepeal file scan only.

    Highlight the following line and right-click on it. Select *wipe file*.

    Path: I:\WINDOWS\system32\drivers\UACvyxvkiqqhesrrradv.sys

    Status: Invisible to the Windows API!

    Then reboot immediately!!

    After rebooting please run MBAM quick scan. Allow it to delete what it finds and reboot again.

    Please post back the log from that MBAM quickscan :)

  11. Ok, RootRepeal has just been updated, so I would like to try that angle of attack again to see if we can attack the rootkit with that.

    Download Rootrepeal 1.3.3>>>

    http://rootrepeal.googlepages.com/

    Extract the file and run rootrepeal.exe

    Click on the report tab on the bottom right of the software, then press scan.

    Put a check (tick) in all boxes except the 2 SSDT options, then press OK.

    Place a check (tick) in the drive to be scanned (usually you will only have to select C).

    Please save the logfile generated and copy and paste the contents of that log into your next reply.

  12. Hi ya,

    Nothing to hit with HJT today.... It is both a fix tool and a diagnostic tool, but best only used under guidance :)

    Since your logs are showing as clear, I will lock this session as finished :)

    Here's some handy reading: the Prevention page, with lots of info and tips on how to prevent this in the future.

    And if you want to improve speed/system performance after malware removal, take a look here.

    Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

    We hope our application has helped you eradicate this malicious malware.

    If your current anti-virus solution let this infection through, please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection against these types of malware.

    Safe surfing :)

  13. You're most welcome :)

    I will close this topic as resolved now, but leave you with some pearls of wisdom for avoiding a repeat encounter :)

    Here's some handy reading: the Prevention page, with lots of info and tips on how to prevent this in the future.

    And if you want to improve speed/system performance after malware removal, take a look here.

    Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

    We hope our application has helped you eradicate this malicious malware.

    If your current anti-virus solution let this infection through, please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection against these types of malware.

    Safe surfing :)

  14. Hello,

    Ok, let's try another angle of attack to get the data I need.

    Could you please download GMER's MBR.exe

    http://www2.gmer.net/mbr/mbr.exe

    and save it to your root folder (ie. C:\).

    Then, click on Start->Run, type 'cmd', and hit Enter.

    A black box should pop up. Type the following, please (after each line, hit "Enter"):

    cd C:\
    mbr -t > Owner\Desktop\mbr_report.txt

    This will produce a file "mbr_report.txt" on your desktop. Please post the contents of the text document in your next reply.
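What an MBR check has to look at once the first sector is in hand, written out as an added example that is not part of the thread and is not GMER's mbr.exe: the 0x55AA signature at the end of the sector, the four 16-byte partition entries at offset 0x1BE, and whether the 446 bytes of boot code in front of them still hash to a value recorded while the machine was known clean (an MBR rootkit replaces that code and leaves the partition table alone, so the disk still boots). Both sectors below are constructed in the code; the "clean" boot code is a placeholder rather than a real bootstrap, and the baseline hash is assumed to have been saved earlier.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445: bootstrap code
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE        # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code, partitions):
    """Constructed test sector. partitions: (bootable, type_id, lba_start, sectors)."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("bad sample")
    sector = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00"))
    for bootable, ptype, lba, count in partitions:
        sector += struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00,
                              b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba, count)
    sector += b"\x00" * (16 * (4 - len(partitions)))
    sector += b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Signature flag plus the non-empty partition entries of one 512-byte sector."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:  # type 0 = empty slot
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xaa",
            "partitions": parts}


def boot_code_hash(sector):
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector, known_good_hash):
    """Findings for one sector; an empty list means nothing looks wrong."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(sector) != known_good_hash:
        findings.append("boot code differs from the known-good baseline")
    active = [p for p in mbr["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected 1")
    for p in mbr["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has a zero start or length")
    return findings


# Constructed sectors: identical partition table (one bootable NTFS partition,
# type 0x07), different boot code. The baseline hash stands in for one saved
# while the machine was known clean.
PARTITIONS = [(True, 0x07, 63, 41929587)]
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb", PARTITIONS)
BASELINE = boot_code_hash(CLEAN_MBR)
INFECTED_MBR = build_sample_mbr(b"\xe9\x00\x20" + b"\x90" * 40, PARTITIONS)

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(label, check_mbr(sector, BASELINE) or ["ok"])
```

On a live machine the sector comes from \\.\PhysicalDrive0 (administrator rights required, and a rootkit that filters disk reads can hand back a clean-looking copy, which is why tools such as mbr.exe read it from the lowest level they can). The hash comparison is only as good as the baseline: record it from a known-clean install rather than from the disk you are about to investigate.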
